[Snort-devel] Trying to get SNMP traps from Snort
Robert D. Hughes
rob at ...825...
Tue Oct 2 06:05:04 EDT 2001
Thanks! You were correct in that I saw the error message. My only other
question is that I was using that to cause the alert file to be created.
Is there a way that I can still get that file via snort.conf? I don't
seem to see anything about it there. I use to to upload to ARIS. If not,
ARIS now has a xml upload function, so I can use that, but it was nice
having an easily human readable file on the local machine.
From: Chris Green [mailto:cmg at ...81...]
Sent: Tuesday, October 02, 2001 7:28 AM
To: Robert D. Hughes
Cc: snort-devel at lists.sourceforge.net
Subject: Re: [Snort-devel] Trying to get SNMP traps from Snort
"Robert D. Hughes" <rob at ...825...> writes:
> 1. (*) text/plain ( ) text/html
> Thanks. I've been able to send traps from the command line to my
> management console, but have not snort been able to get traps to the
> management console from snort. This was a basic test to make sure
> snmptrap functioned and that nothing was blocking the port. Here's the
> script I use to start snort (its mailly unedited to avoid removing
> something important, so I apologize for its length):
Length is fine - try running
/bin/snort -A FULL -c /usr/local/etc/snort/snort.conf -deX -i dc0 -z \
( without the -D switch )
I think you will see a warning about "command line options overriding
config file logging"
Then try running without the -A FULL and instead only use logging
options in the config file.
Chris Green <cmg at ...81...>
"Yeah, but you're taking the universe out of context."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel